AfterDawn: Tech news

Police shut down more Cryptolocker servers, new infections drop

Written by James Delahunty (Google+) @ 05 Jun 2014 0:15 User comments (6)

Police shut down more Cryptolocker servers, new infections drop Over the past couple of days, law enforcement has taken further action against the Cryptolocker ransomware.
Europol's European Cyber Crime Centre (EC3) has discovered and shutdown more command & control servers related to the Cryptolocker ransomware in the past couple of days. On Monday, it was announced that a U.S.-led international effort against Cryptolocker and the GOZeuS botnet had significantly disrupted their operations, saving potential victims millions.

Cryptolocker is a nasty piece of work that encrypts personal files on a victim's PC and will not decrypt them until a ransom is paid, typically 1 bitcoin which could cost you around $600. The malware will even destroy files if the user does not pay up on time. It is estimated to have cost consumers and businesses over $30 million since last summer.

The ransomware was often delivered to a victim's PC through the Gameover ZeuS botnet, but it also spread through malicious e-mails.

The effect of the GOZeuS and Cryptolocker take-down

According to Danish security firm Heimdal Security, which was named by the FBI as an important collaborator against Cryptolocker, the number of estimated new infections per day of Cryptolocker has fallen from around 8,000 to close to zero. Of course, it cannot be absolutely sure of the figures but the infection rate has certainly plummeted.

Law enforcement has warned Internet users that they have a roughly two week window to clean-up GOZeuS and Cryptolocker infections before cybercriminals may be able to wrestle back some control. You can find instructions to detect and remove GOZeuS right here.

In future, a debate may arise about the role of Internet Service Providers in disrupting botnets, with one researcher already saying ISPs need to start quarantining infected computers now until they are cleaned up.

It is not just Windows PCs that are vulnerable to attacks like this either. Just today, ESET published an analysis of the first ransomware for Android phones and tablets that encrypts users' personal files and won't decrypt them unless a ransom fee is paid.

The U.S. has identified, charged and is pursuing a 30-year old Russian man it alleges to have been the top administrator of GOZeuS and Cryptolocker.

Previous Next  

6 user comments

16.6.2014 11:07

If anyone paid this ransom, they are stupid; easier and cheaper to swap out the HDD and reinstall the OS. Reinstalling the OS is also cleaner; don't have to worry about residual viral artifacts that might be lingering.

26.6.2014 12:58

That's what I would have done. I guess people who aren't techies look at paying as the only way out.

I wouldn't give those crooks a dime !!!

This message has been edited since its posting. Latest edit was made on 06 Jun 2014 @ 12:59

36.6.2014 19:18

Yeh why pay to get for example a novel you wrote or source code for software or anything else on your computer of any value, just delete all that shit and reinstall windows noobs! /sarcasm

46.6.2014 21:11

IS it really that easy to get rid of this infection? Do a simple file transfer to another drive and wipe the infected drive out? I would think that they would have it where you can't do a file dump to protect your files or they would already be encrypted so you can't move them.

57.6.2014 6:38

Originally posted by DOS_equis:
IS it really that easy to get rid of this infection? Do a simple file transfer to another drive and wipe the infected drive out? I would think that they would have it where you can't do a file dump to protect your files or they would already be encrypted so you can't move them.

Cyptolocker encrypts every file on any drive that is visible to the computer - not only the main HDD but also any USB drives that have a drive letter. It can't encrypt drives that are on a network unless they are configured as a drive letter on the infected computer.

So even if you dump the whole system to another drive, it is already too late by the time you get the ransom demand.

67.6.2014 21:44

Originally posted by Dr_Shifty:
Originally posted by DOS_equis:
IS it really that easy to get rid of this infection? Do a simple file transfer to another drive and wipe the infected drive out? I would think that they would have it where you cant do a file dump to protect your files or they would already be encrypted so you cant move them.

Cyptolocker encrypts every file on any drive that is visible to the computer - not only the main HDD but also any USB drives that have a drive letter. It cant encrypt drives that are on a network unless they are configured as a drive letter on the infected computer.

So even if you dump the whole system to another drive, it is already too late by the time you get the ransom demand.

OK thanks for the info. Some of the other comments made it seem like you could copy the files over to save them.

Comments have been disabled for this article.

Latest news

A bug in Chrome allows you to download Netflix movies A bug in Chrome allows you to download Netflix movies (25 Jun 2016 15:21)
A group of security researchers have found a vulnerability in Google's Chrome browser that allows downloading movies straight from Netflix. This is obviously not a feature especially the entertainment ....
7 user comments
Three out of four Netflix customers would rather cancel than watch ads Three out of four Netflix customers would rather cancel than watch ads (25 Jun 2016 14:05)
For a long time Netflix was adamant on its pricing. No changes were made for a long time and everything seemed to be good. The markets obviously reacted and more expensive deals and original ....
4 user comments
Apple Music left in the dust, Spotify at 100 million subscribers Apple Music left in the dust, Spotify at 100 million subscribers (25 Jun 2016 12:01)
Spotify has told The Telegraph that it has surpassed the 100 million mark in subscribers. Paying subscribers was earlier this year reported to have passed 30 million. Apple meanwhile is having ....
2 user comments
Rumor has it that Apple has cancelled iPhone's dual camera Rumor has it that Apple has cancelled iPhone's dual camera (18 Jun 2016 18:05)
The next iPhone will be a major upgrade to current iPhone 6s. This biyearly full upgrade cycle provides us with a bigger upgrade every two years. But how will Apple update its number one product, ....
6 user comments
OnePlus releases new flagship killer, smaller X discontinued OnePlus releases new "flagship killer", smaller X discontinued (18 Jun 2016 16:11)
The small Chinese smartphone maker OnePlus took the world by storm two years ago by releasing a super cheap flagship smartphone. They called it the flagship killer, and it indeed challenged ....
4 user comments

News archive